Talos Vulnerability Report

TALOS-2016-0175

September 5, 2016

CVE Number

CVE-2016-4329

Summary

An local denial of service vulnerability exists in window broadcast message handling functionality of Kaspersky Anti-Virus software.
Sending certain unhandled window messages, attacker can cause application termination and in the same way bypass KAV self-protection mechanism.

Tested Versions

Kaspersky Total Security 16.0.0.614

Product URLs

http://www.kaspersky.com/

Details

Broadcast window messages are used by AVP protocol to certain actions trigger in Kaspersky AntiVirus such as switching current application tab to scan, tools, settings, etc. The below dispatcher code is responsible for calling appropriate handlers. The handlers for the wParam values listed result in termination of the Kaspersky AVP user application and protection bypass.